CERTIFICATES - PowerPoint PPT Presentation

CERTIFICATES. “A document containing a certified statement, especially as to the truth of something.” What is a Digital Certificate? Electronic counterparts to driver licenses and passports.


PowerPoint Slideshow about 'CERTIFICATES' - vanig


Criticality indicator: Simple flag that indicates whether an occurrence of an extension is critical or non-critical. The purpose of this is to accommodate environments in which different system implementations recognize different sets of extensions.

General extensions: for example the CRL number, an incrementing number for each CRL issued in sequence covering the same certificate population.

Invalidity date: this CRL entry extension field indicates a date when it is known or suspected that a private key was compromised.

CRL Distribution Point: identifies the point or points that distribute CRLs on which a revocation notification for this certificate would appear if this certificate were to be revoked.

Delta-CRLs: a delta-CRL is a digitally signed list of the changes that occurred since the issuance of the prior base CRL.

Issuing CRLs regularly, such as hourly, daily or weekly, is the decision of the CA. CRLs can be distributed easily using communications and server systems that do not need much security, as they are digitally signed. Limitation: the time granularity of revocation is limited to the CRL issue period.

Online status checking: uses OCSP (Online Certificate Status Protocol). The responder is the CA or someone authorized by the CA. The OCSP response is digitally signed and contains the identifier of the responder, the time of the response, and the status. Limitation: very expensive.

SSL is used to create a secure connection between a user and a web page on the Internet.

It uses digital certificates to authenticate the identities of the parties involved in the transaction.

It works as follows:

Once you access a secure URL, the browser passes the following information to the server: the browser’s SSL version number, the list of encryption algorithms it supports, and a string of randomly generated data.

The server then replies with the same information as above, along with its digital certificate.

The browser now determines the strongest encryption algorithm supported by both parties and creates a "premaster secret" from the data involved in the transaction thus far. The premaster secret is encrypted using the server’s public key and is passed to the server.

The server may also verify the validity of the client, in which case it checks all the corresponding details. Once the client's validity is confirmed, the server decrypts the premaster secret.

Since both now know this value, they perform a series of calculations to compute the “master secret”. Both should arrive at the same value, so they can now create a “session key”.